gstack-workflow-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "Browser Automation" and "Systematic QA Testing" workflows explicitly instruct the agent to visit and interact with arbitrary public URLs (e.g., "/browse https://myapp.com", "/qa https://staging.myapp.com") and import real browser cookies, so the agent will fetch and interpret untrusted third‑party web content as part of its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs cloning and running code from https://github.com/garrytan/gstack.git (git clone ... && ./setup), which fetches remote code that is executed and provides the workflow prompts that directly control the agent and are required for the skill to function.